Re: [systemd-devel] Systemd ask-password unable to handle cryptsetup passwords with \0 character inside ?

2016-06-07 Thread Jóhann B . Guðmundsson

On 06/07/2016 01:26 PM, Lennart Poettering wrote:


> Not sure where this really
> leaves us.


It leaves people wondering if it fits into bus 1. . .

JBG
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel


Re: [systemd-devel] Systemd ask-password unable to handle cryptsetup passwords with \0 character inside ?

2016-06-07 Thread Lennart Poettering
On Tue, 31.05.16 20:40, Raphaël Gertz (systemd-de...@rapsys.eu) wrote:

> Hi,
> 
> My question is relative to the file
> systemd/src/shared/ask-password-api.c+651 :
> l = strv_parse_nulstr(passphrase+1, n-1);
> 
> On documentation
> https://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/ it is
> specified that message should follow this pattern :
> +passwordhere\0
> or
> -\0
> With trailing \0 optional in both cases.
> 
> If I am right it seems all passwords sent through AF_UNIX/SOCK_DGRAM are
> split using the \0 character and cached as different passwords.

Yes, that is correct.

> I am trying to create a CGI which sends a password or keyfile through this
> system.
> 
> Cryptsetup can accept two cases of password, a 512 max length passphrase in
> interactive mode or an 8192 * 1024 keyfile.
> (I have read the source code to find that)
> 
> There seems to be nothing disallowing a password like "toto\0" or
> a keyfile containing "toto\0".
> 
> How am I supposed to submit a password with a \0 character inside or, even
> worse, with a \0 at the end?

This is simply not supported right now. The ask-password logic is
really for passwords only, not for keyfiles. There's no API currently
to cover anything else. Sorry.

There have been suggestions to improve the situation here, and cover
more ground, but this never materialized, because the assumption was
to move this all to a proper D-Bus API instead of the AF_UNIX-based
logic it is right now. Given that this is early-boot stuff,
this could only be delivered with kdbus however, but that was a big
failure, hence this never really happened. Not sure where this really
leaves us.

Lennart

-- 
Lennart Poettering, Red Hat


[systemd-devel] Systemd ask-password unable to handle cryptsetup passwords with \0 character inside ?

2016-05-31 Thread Raphaël Gertz

Hi,

My question is relative to the file 
systemd/src/shared/ask-password-api.c+651 :

l = strv_parse_nulstr(passphrase+1, n-1);

On documentation 
https://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/ it is 
specified that message should follow this pattern :

+passwordhere\0
or
-\0
With trailing \0 optional in both cases.

If I am right it seems all passwords sent through AF_UNIX/SOCK_DGRAM are
split using the \0 character and cached as different passwords.

I am trying to create a CGI which sends a password or keyfile through this
system.

Cryptsetup can accept two cases of password, a 512 max length passphrase
in interactive mode or an 8192 * 1024 keyfile.

(I have read the source code to find that)

There seems to be nothing disallowing a password like "toto\0"
or a keyfile containing "toto\0".

How am I supposed to submit a password with a \0 character inside or, even
worse, with a \0 at the end?

Same question with a file?

Should I try to go around the ask-password service and run cryptsetup
luksOpen behind its back and later shoot the ask-password process?

Would it need an option to have the password provided without modification
with trailing \0 with a new format like:

=toto\0

With all content considered as a single password ?

Best regards
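The NUL-splitting behaviour discussed in this thread, as an added example that is not systemd's code and not written by any of the posters: `parse_reply` and `count_passwords` are hypothetical names for a simplified model of a parser for the `+password\0` / `-\0` reply format. Skipping empty entries is a choice of this model, and the payloads are constructed.

```c
#include <stdio.h>

#define MAX_PW 8

/* Hypothetical, simplified model of an agent reply parser (not systemd code).
 * buf/n is one datagram payload. Returns the number of passwords found,
 * 0 for a "-" (cancel) reply, -1 for a malformed reply.
 * out[i]/len[i] point into buf and give each entry's bytes and length. */
static int parse_reply(const char *buf, size_t n,
                       const char *out[MAX_PW], size_t len[MAX_PW])
{
    if (n == 0 || (buf[0] != '+' && buf[0] != '-'))
        return -1;
    if (buf[0] == '-')
        return 0;

    int count = 0;
    size_t start = 1;
    for (size_t i = 1; i <= n; i++) {
        /* A NUL byte, or the end of the datagram, terminates one entry. */
        if (i == n || buf[i] == '\0') {
            if (i > start && count < MAX_PW) { /* model choice: skip empty entries */
                out[count] = buf + start;
                len[count] = i - start;
                count++;
            }
            start = i + 1;
        }
    }
    return count;
}

/* Convenience wrapper: how many passwords does this payload turn into? */
static int count_passwords(const char *buf, size_t n)
{
    const char *out[MAX_PW];
    size_t len[MAX_PW];
    return parse_reply(buf, n, out, len);
}

int main(void)
{
    /* Constructed payloads; sizeof - 1 drops the literal's implicit NUL. */
    printf("%d\n", count_passwords("+toto", sizeof("+toto") - 1));
    printf("%d\n", count_passwords("+toto\0", sizeof("+toto\0") - 1));
    printf("%d\n", count_passwords("+to\0to", sizeof("+to\0to") - 1));
    printf("%d\n", count_passwords("-", 1));
    return 0;
}
```

In the second payload the trailing NUL is consumed as a terminator, so the receiver sees the 4-byte `toto`; in the third, the embedded NUL turns one intended secret into two separate entries.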